Irish DPC to investigate Facebook

Even if you’re not a Facebook user, chances are that your computer is carrying cookies from The Social Network™. They’re scattered all over the Web like digital malarial mosquitoes waiting for the next host.

They’re also, according to Austrian law student Max Schrens, part of an infrastructure that allows Facebook to build “shadow profiles” of people who have never signed on to Facebook and therefore have never consented to its data slurp.

According to Schrens’ complaint to the Irish Data Protection Commissioner, these shadow profiles are mainly gathered by encouraging users to share information about their friends, even if those people aren’t users. For example, he writes, when a user synchs a mobile phone to their Facebook account, they’re handing information on non-users to Facebook; similarly, importing e-mail address books, importing profiles from services like Twitter, and even sending Facebook invites to friends – all of these help round out the profiles Facebook can build of non-users.

According to the Irish Times, the group Europe-v-Facebook has used his research to force a privacy investigation by the Data Protection Commissioner.

His formal complaint claims that the information collected by Facebook Ireland is excessive, and is gathered “without notice or consent by the data subject. This information might also constitute sensitive data such as political opinions, religious or philosophical beliefs, sexual orientation and so on.”

Schrens also says the interested generated by the Europe-v-Facebook group has been so intense that it’s hampering Facebook’s ability to respond to his request for information held about him: “due to the recent high volume of personal data access requests, there are significant delays and that Facebook would be unlikely to respond within the 40-day period set down by the Irish data-protection office. So I can’t verify Europe-v-Facebook’s claim that the data contained therein differs from what I downloaded from Facebook,” he notes.

Other complaints raised by Europe-v-Facebook include the alleged use of the “Like” button to track people “all over the Internet”; facial recognition technology; the retention of messages after users have deleted them; and the ability for users to be added to groups without their consent.

Australia’s privacy watch-puppy watchdog, the Privacy Commissioner, recently passed over the cookies issue, and is unlikely to pursue the “shadow profiles” debate without a specific complaint.